19 US States Sue to Prevent DOGE From Accessing Americans' Private Data

 

In an effort to prevent Elon Musk's Department of Government Efficiency from gaining access to Treasury Department documents that hold private information like Social Security numbers and bank account numbers for millions of Americans, 19 Democratic attorneys general filed a lawsuit against President Donald Trump on Friday last week. 

Filed in federal court in New York City, the lawsuit claims that the Trump administration violated federal law by giving Musk's team access to the Treasury Department's central payment system. 

The payment system manages tax refunds, Social Security payments, veterans' benefits, and much more. It sends out trillions of dollars annually and contains a vast network of financial and personal information about Americans. Musk established his Department of Government Efficiency, or DOGE, to identify and cut out what the Trump administration has determined to be unnecessary federal spending. 

Supporters have applauded the concept of limiting bloated government finances, but critics have expressed wide concern over Musk's growing authority as a result of DOGE's access to Treasury documents and its review of other government agencies. 

The case was filed by the office of New York Attorney General Letitia James, who stated that DOGE's access to the Treasury Department's data presents security issues and the potential for an illegal freeze of federal funds. 

“This unelected group, led by the world’s richest man, is not authorized to have this information, and they explicitly sought this unauthorized access to illegally block payments that millions of Americans rely on, payments for health care, child care and other essential programs,” James noted in a video message published by her office. 

James, a Democrat who has been one of Trump's main opponents, stated that the president cannot stop federal payments that Congress has authorised or give out Americans' private information to anybody he wants. Moreover, Arizona, California, Colorado, Connecticut, Delaware, Hawaii, Illinois, Maine, Maryland, Massachusetts, Minnesota, Nevada, New Jersey, North Carolina, Oregon, Rhode Island, Vermont, and Wisconsin are parties to the complaint.

The suit claims that DOGE's access to Treasury records may interfere with funding already approved by Congress, which would go beyond the Treasury Department's legislative power. The case further contends that DOGE access violates federal administrative law as well as the separation of powers doctrine of the US Constitution. 

It also accuses Treasury Secretary Scott Bessent of altering the department's long-standing policy of safeguarding sensitive personally identifiable information and financial information in order to grant Musk's DOGE team access to the payment systems. 

The Treasury Department has stated that the review is intended to assess the system's integrity and that no adjustments would be made. According to two people familiar with the situation, Musk's team began exploring ways to block payments made by the US Agency for International Development, which Trump and Musk are aiming to abolish. The two persons spoke to The Associated Press on the condition of anonymity for fear of punishment.

Google Sues Ex-Employee for Leaking Pixel Chip Trade Secrets Online

 


Google has filed a lawsuit against Harshit Roy, a former employee, accusing him of leaking sensitive information about the company's chip designs. The lawsuit, filed in a Texas federal court, alleges that Roy, who worked as an engineer at Google from 2020 to 2024, disclosed confidential details about Pixel processing chips on social media platforms, including X (formerly Twitter) and LinkedIn. 
 
According to the complaint, Roy captured internal documents containing proprietary chip specifications before resigning in February 2024. After leaving Google, he moved from Bangalore, India, to Austin, Texas, to pursue a doctoral program at the University of Texas. 
 

The lawsuit claims that Roy:   

 
- Shared these confidential documents publicly, violating his confidentiality agreement with Google.  
- Posted statements such as, “Don’t expect me to adhere to any confidentiality agreement,” and “Empires fall, and so will you,” along with images of internal documents.   
- Ignored multiple takedown requests from Google and continued posting proprietary information online.  
- Tagged competitors like Apple and Qualcomm in some of his posts, allegedly drawing attention to the leaked information. 
 
Google asserts that the leaked materials contained trade secrets critical to its operations. The disclosures reportedly led to media outlets publishing stories based on the leaked information, further exacerbating the breach. 
 
Jose Castaneda, a spokesperson for Google, emphasized the company's commitment to addressing the situation. “We discovered that this former employee unlawfully disclosed numerous confidential documents. We are pursuing legal action to address these unauthorized disclosures, as such behavior is completely unacceptable,” Castaneda stated. 
 

Google is seeking:   

 
  • Monetary damages to compensate for the breach.   
  • A court order to prevent Roy from further distributing or using the leaked information. 

As part of the legal proceedings, a judge issued a temporary restraining order on Wednesday, prohibiting Roy from sharing additional proprietary details. Google argues that such measures are necessary to:   
 
  • Protect its intellectual property.   
  • Maintain trust within its operations. 
 
This case highlights the ongoing challenges faced by companies in safeguarding trade secrets, especially in highly competitive industries like technology. As the legal battle unfolds, it is expected to shed light on the legal and ethical boundaries of confidentiality agreements and the potential consequences of breaching such agreements in the tech industry.

UK Scammer Made Millions by Breaching Into Execs’ Office365 Inboxes

 

A man has been charged by federal authorities for allegedly engaging in a "hack-to-trade" scam that allowed him to make millions of dollars by breaching the Office365 accounts of executives at publicly traded firms and accessing their quarterly financial reports ahead of time. 

Robert B. Westbrook, a citizen of the United Kingdom, is accused of making approximately $3.75 million in 2019 and 2020 from stock trades that profited from the illegally obtained information, according to the lawsuit filed by the US Attorney's office for the district of New Jersey. 

Prosecutors claimed that after gaining access to the information, he made stock trades. The advance notice let him act on the information and profit from it before the wider public could. The US Securities and Exchange Commission filed a separate civil claim against Westbrook, seeking an order to pay civil fines and refund all illicit gains. 

“The SEC is engaged in ongoing efforts to protect markets and investors from the consequences of cyber fraud,” Jorge G. Tenreiro, acting chief of the SEC’s Crypto Assets and Cyber Unit, noted in a statement. “As this case demonstrates, even though Westbrook took multiple steps to conceal his identity—including using anonymous email accounts, VPN services, and utilizing bitcoin—the Commission’s advanced data analytics, crypto asset tracing, and technology can uncover fraud even in cases involving sophisticated international hacking.” 

According to a federal indictment issued in the US District Court for the District of New Jersey, Westbrook hacked the email accounts of executives from five publicly traded US firms. He carried out the intrusions by misusing Microsoft's password reset feature for Office365 accounts. In certain cases, Westbrook allegedly went on to establish forwarding rules that caused all incoming emails to be automatically forwarded to an email address under his control. 

Once an individual secures unauthorized access to an email account, it’s possible to hide the breach by disabling or deleting password reset alerts and burying password reset rules deep inside account settings. 

Prosecutors charged Westbrook with one count each of securities and wire fraud, as well as five counts of computer fraud. The securities fraud count has a maximum punishment of up to 20 years in prison and $5 million in fines. 

The maximum penalty for wire fraud is up to 20 years in jail and a fine of either $250,000 or double the gain or loss from the offence, whichever is greater. Each computer fraud count is punishable by up to five years in prison and a maximum penalty of $250,000 or twice the offense's gain or loss, whichever is greater.

Lawsuits Pile Up Against Florida-Based Data Firm After Security Breach

 

Given all of the major news events that have dominated headlines this summer, you'd be forgiven for missing yet another: reports that a massive data breach may have disclosed billions of details, including names, social security numbers, and addresses. 

National Public Data (NPD), a background-check data aggregator based in Coral Springs, Florida, recently admitted on its website that "a data security incident"—which was "believed to have involved a third-party bad actor" in December 2023—led to data leaks in April of this year. Bloomberg Law reports that 2.9 billion documents were leaked and then sold on the dark web for $3.5 million. 

Moreover, in recent days, it has become clear that the leak may be worse than previously thought. Brian Krebs, a cybersecurity investigative researcher, revealed on his KrebsOnSecurity website this week that National Public Data exposed its own credentials as part of the breach.

“KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today,” Krebs noted. 

While the breach seems to be getting worse, National Public Data says it is working with law enforcement and recommends that users freeze their credit.

The breach was made public earlier this month, following the filing of a class-action lawsuit against National Public Data's parent business, Jerico Pictures, in federal court in Fort Lauderdale. There have also been numerous further lawsuits filed. Since early August, at least 14 complaints have been filed in federal court against National Public Data, according to a Justia database search. 

To give a sense of what these lawsuits allege: in one filing, dated August 19, lawyers argue that National Public Data "breached its duties by, among other things, failing to implement and maintain reasonable security procedures and practices to protect individuals' PII [personally identifiable information] from unauthorised access and disclosure," and that "Defendant has not provided any notice to affected individuals, including Plaintiff, who only learnt that her SSN and other PII was posted on the dark web as a result of the Data Breach from LifeLock." 

People who are concerned that their data has been compromised by fraudsters should freeze their credit and monitor their accounts as a first step. You can also use tools like npdbreach.com to see if your data is included in the repository of leaked information. There are other similar tools available, but they need you to enter your name or other information. 

This year is shaping up to be a significant one for cybercrime: The number of data breaches increased by 490% in the first half of 2024 when compared to the same period in 2023.

Apology Accepted: Ken Griffin’s Tax Records and the IRS


A Case of Privacy Breach and Unintended Disclosure

In an unprecedented turn of events, the Internal Revenue Service (IRS) recently issued a public apology to billionaire investor Ken Griffin. The reason? Leaked tax records that exposed sensitive financial information, including Griffin’s personal wealth and tax liabilities.

The Internal Revenue Service issued a rare apology for the "thousands" of tax data disclosed to the public between 2018 and 2020.

The IRS issued the apology as part of a deal with Griffin, who filed a lawsuit in December 2022 over the "unlawful disclosure" of his tax information, which was disclosed to the public by a contractor.

The Breach and Its Origins

The story began with a former IRS contractor named Charles Littlejohn. Littlejohn, who had access to confidential tax returns, allegedly leaked information about several high-profile taxpayers, including Griffin. 

The recipient of this unauthorized disclosure was the nonprofit news organization ProPublica. The leaked data revealed intricate details about the financial lives of some of the wealthiest Americans.

Ken Griffin: The Billionaire at the Center of the Storm

Ken Griffin, founder of the hedge fund Citadel, is no stranger to the limelight. With a net worth approaching $42 billion, he ranks among the world’s wealthiest individuals. His investment strategies, philanthropic endeavors, and influence in financial circles have made him a prominent figure. However, the leak of his tax records thrust him into an unexpected controversy.

The Fallout and Legal Battle

Upon discovering the breach, Griffin took legal action against the IRS and the U.S. Treasury Department. His lawsuit alleged negligence, violation of privacy, and reputational harm resulting from the unauthorized disclosure. 

The leak not only exposed his financial data but also raised concerns about the security of taxpayer information within the IRS.

The IRS Apology

According to the IRS, the contractor, Charles Littlejohn, "violated" his job contract by disclosing the material to the press. The government also stated that Littlejohn "betrayed the trust" of Americans, including billionaire Elon Musk.

In a rare move, the IRS publicly acknowledged its mistake and issued an apology directly to Ken Griffin. The agency expressed regret for the inadvertent release of his tax records. 

The apology came after Griffin dropped his lawsuit, signaling a resolution to the matter. However, questions remain about the broader implications of such breaches and the safeguards in place to prevent future incidents.

Google’s Incognito Mode: Privacy, Deception, and the Path Forward


In a digital age where privacy concerns loom large, the recent legal settlement involving Google’s Incognito mode has captured attention worldwide. The tech giant, known for its dominance in search, advertising, and web services, has agreed to delete billions of records and make significant changes to its tracking practices. Let’s delve into the details and explore the implications of this landmark decision.

The Incognito Mode Controversy

Incognito mode promises users a private browsing experience. It suggests that their online activities won’t be tracked, cookies won’t be stored, and their digital footprints will vanish once they exit the browser. However, the reality has been far from this idealistic portrayal.

The Illusion of Privacy: Internal documents revealed that Google employees referred to Incognito mode as “effectively a lie” and “a confusing mess”. Users believed they were operating in a secure, private environment, but Google continued to collect data, even in this supposedly incognito state.

Data Collection Despite Settings: The class action lawsuit filed against Google in 2020 alleged that the company tracked users’ activity even when they explicitly set their browsers to private modes. This revelation shattered the illusion of privacy and raised serious questions about transparency.

The Settlement: What It Means

Google’s proposed legal settlement aims to address these concerns and bring about meaningful changes:

Data Deletion: Google will wipe out “hundreds of billions” of private browsing data records it had collected. This move is a step toward rectifying past privacy violations.

Blocking Third-Party Cookies: For the next five years, Google Chrome’s Incognito mode will automatically block third-party cookies by default. These cookies, often used for tracking, will no longer infiltrate users’ private sessions.

Global Impact: The settlement extends beyond U.S. borders. Google’s commitment to data deletion and cookie blocking applies worldwide. This global reach emphasizes the significance of the decision.

The Broader Implications

Transparency and Accountability: The settlement represents an “historic step” in holding tech giants accountable. Lawyer David Boies, who represented users in the lawsuit, rightly emphasized the need for honesty and transparency. Users deserve clarity about their privacy rights.

User Trust: Google’s actions will either restore or further erode user trust. By deleting records and blocking cookies, the company acknowledges its missteps. However, rebuilding trust requires consistent adherence to privacy commitments.

Ongoing Legal Battles: While this settlement is a milestone, Google still faces other privacy-related lawsuits. The outcome of these cases could result in substantial financial penalties. The tech industry is on notice: privacy violations won’t go unnoticed.

The Road Ahead

As users, we must remain vigilant. Privacy isn’t just a checkbox; it’s a fundamental right. Google’s actions should prompt us to reevaluate our digital habits, understand the trade-offs, and demand transparency from all tech companies.

In the end, the battle for privacy isn’t won with a single settlement. It’s an ongoing struggle—one that requires vigilance, legal scrutiny, and a commitment to safeguarding our digital lives. Let’s hope that this landmark decision serves as a catalyst for positive change across the tech landscape.

WhatsApp Debunks Baseless Claims of Cyberattack Targeting Jews

 


Forwarded messages spewing rumours of cyberattacks targeting Jewish people, or stoking fears that Jewish people might be the target of cyberattacks, have no basis in reality, according to Meta's WhatsApp messaging service. 

Numerous online platforms have appeared to be spreading the warnings in recent days, with warnings beginning to circulate on Saturday. Scott Melker, one of the most influential crypto influencers on X, who has over one million followers, posted a warning on the social network asking that people share it with others. 

The warning claims that hackers will use WhatsApp to lure users into downloading a file called "Seismic Waves CARD", which will allow them to hack a phone in less than 10 seconds after it is installed. Melker's post has been retweeted 200 times and has been viewed more than 250,00 times as of this writing. 

As reported by NBC News, the warning has been posted more than 30 times on X and has also spread to other social media and messaging services, including Facebook, Twitter, WhatsApp and WhatsApp Messenger. There have been more than a dozen other posts since then, including one that was posted by a former Twitter user who spread the warning across Twitter, Facebook, and other social media platforms. 

In a recent interview with the New York Times, WhatsApp communications manager Emily Westcott stated that similar rumours have circulated before and that the company had previously confirmed that the messages about hacking by "seismic waves" were false. Several hoaxes have popped up of late warning against downloading a “Seismic Waves CARD”, which supposedly relates to the Moroccan earthquakes. 

The message copies elements of a previous hoax warning issued just several weeks ago. A Snopes report in September confirmed that those messages were also false and that WhatsApp had lied about them.

A Similar Hoax Has Been Reported in The Past 

In a report published by multiple news outlets, Emily Westcott, a communications manager at WhatsApp, owned by Meta, stated that this type of hoax has been reported in the past. 

According to her, the company had also described similar messages about the September earthquake in Morocco as false in a previous statement made to the fact-checking website Snopes. Even though spyware has cropped up in the past, this issue is rare to date, and the spread of the hoax plays on the fears that victims may have about spyware on their phones.

As per researchers, Israeli cyber-intelligence company NSO Group created spyware in 2019 which was capable of infecting cell phones through the app's voice calling function based on a vulnerability found in WhatsApp's code. 

According to WhatsApp's lawsuit against NSO, the spyware was allegedly targeting 1,400 users, including journalists, lawyers, human rights activists, political dissidents, diplomats, and foreign officials in a position to represent a foreign government. It has been reported that NSO's products were at least a minor part of the murder of the Washington Post journalist Jamal Khashoggi. 

Elon Musk has been criticized heavily for his more relaxed approach to content moderation and the spread of misinformation at X, and as a result, Musk himself has commented on conspiracy theories that are spreading throughout the site. After Musk posted a message on Sunday urging X users to stay updated on the Israel-Hamas fighting by following accounts known for promoting lies, Musk deleted the post after a few hours. 

A number of those accounts have also posted antisemitic content in the past, including a statement that said, "The overwhelming majority of people who work in the media and banks are Zionists," which is antisemitic. Several videos from previous conflicts have been repackaged and distributed on the Internet in the days following the outbreak of the war, alongside video game clips claiming to show footage from the ground and a false press release from the White House claiming the Biden administration had provided $8 billion in emergency aid to Israel.

NYC’s Metropolitan Opera Faces Lawsuit for 2022 Data Breach


New York City's Metropolitan Opera, the world's largest opera house, has recently been hit with a class action lawsuit following a data breach that took place in 2022 and apparently compromised the private information of around 45,000 employees and patrons. The lawsuit has been filed in the Manhattan Supreme Court.

According to Anthony Viti, a former employee of the Met (the largest performing arts organization in the country) and the lead plaintiff in the lawsuit, the private information compromised in the breach includes victims' Social Security numbers, driver's license numbers, dates of birth and financial account information.

When the breach was first reported by The New York Times in December, the company's website and box office had been down for more than 30 hours.

The lawsuit reads, “For approximately two months, The Met failed to detect an intruder with access to and possession of The Met’s current/former employees and consumers’ data[…]It took a complete shutdown of The Met’s website and box office for The Met to finally detect the presence of the intruder.”

Following the incident, The Met requested a third-party forensic investigation, which revealed that cybercriminals had stolen personally identifiable information over a two-month period between September and December.

“Through an investigation conducted by third-party specialists, the Met learned that an unknown actor gained access to certain of their systems between September 30, 2022 and December 6, 2022 and accessed or took certain information from those systems,” Stephanie Basta, the opera’s lawyer, wrote in a letter submitted to the Maine Attorney General on May 3.

Following the lawsuit, The Met responded by offering victims a year of credit monitoring services.



Viti said The Met's response to the data breach has been "woefully insufficient" and alleged that the organization did not disclose to affected parties that their data had been compromised until May 3, nearly five months after the incident.

However, The Met rejects the claims, saying “We strongly believe this case has no merit.”